I am not sure if this is the right place to ask; however, I will try. Feel free to delete this post if I posted in the wrong place. I set up a Gitea server and can't get a Let's Encrypt certificate, but I am not sure if this might be a network/connection problem or a misconfiguration of Gitea. I think Gitea utilizes a certbot on its boot process in order to get a Let's Encrypt certificate. However, this fails (see log below).
The http-01 challenge failed, but the host is reachable via HTTP on port 80 externally? Is there a way to debug this issue?
My domain is: git.stubenhocker.tech
I ran this command:
GITEA_WORK_DIR=/mnt/data/gitea/ /usr/local/bin/gitea web -c /etc/gitea/app.ini
It produced this output:
1.6766548312522943e+09 info maintenance started background certificate maintenance {"cache": "0xc000147570"}
1.6766548312532663e+09 info obtain acquiring lock {"identifier": "git.stubenhocker.tech"}
1.676654831260435e+09 info obtain lock acquired {"identifier": "git.stubenhocker.tech"}
1.6766548312608883e+09 info obtain obtaining certificate {"identifier": "git.stubenhocker.tech"}
1.6766548312946668e+09 info waiting on internal rate limiter {"identifiers": ["git.stubenhocker.tech"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "alpha@anonymous.digital"}
1.6766548312947736e+09 info done waiting on internal rate limiter {"identifiers": ["git.stubenhocker.tech"], "ca": "https://acme-v02.api.letsencrypt.org/directory", "account": "alpha@anonymous.digital"}
1.6766548323967907e+09 info acme_client trying to solve challenge {"identifier": "git.stubenhocker.tech", "challenge_type": "http-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
1.6766548329715614e+09 error acme_client challenge failed {"identifier": "git.stubenhocker.tech", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "82.197.161.171: Fetching http://git.stubenhocker.tech/.well-known/acme-challenge/6VZUk0mYa9l9TwDo0uvkMkPyTMLrzMSqO4QMg6WrwtM: Connection refused", "instance": "", "subproblems": []}}
1.6766548329718156e+09 error acme_client validating authorization {"identifier": "git.stubenhocker.tech", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "82.197.161.171: Fetching http://git.stubenhocker.tech/.well-known/acme-challenge/6VZUk0mYa9l9TwDo0uvkMkPyTMLrzMSqO4QMg6WrwtM: Connection refused", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/968237346/165349594476", "attempt": 1, "max_attempts": 3}
1.6766548343264039e+09 info acme_client trying to solve challenge {"identifier": "git.stubenhocker.tech", "challenge_type": "tls-alpn-01", "ca": "https://acme-v02.api.letsencrypt.org/directory"}
1.6766548353137372e+09 error acme_client challenge failed {"identifier": "git.stubenhocker.tech", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "82.197.161.171: Connection refused", "instance": "", "subproblems": []}}
1.6766548353140833e+09 error acme_client validating authorization {"identifier": "git.stubenhocker.tech", "problem": {"type": "urn:ietf:params:acme:error:connection", "title": "", "detail": "82.197.161.171: Connection refused", "instance": "", "subproblems": []}, "order": "https://acme-v02.api.letsencrypt.org/acme/order/968237346/165349598436", "attempt": 2, "max_attempts": 3}
1.6766548353144171e+09 error obtain could not get certificate from issuer {"identifier": "git.stubenhocker.tech", "issuer": "acme-v02.api.letsencrypt.org-directory", "error": "HTTP 400 urn:ietf:params:acme:error:connection - 82.197.161.171: Connection refused"}
1.676654835314611e+09 info obtain releasing lock {"identifier": "git.stubenhocker.tech"}
My web server is (include version):
gitea 1.18.3 (https://gitea.com/)
The operating system my web server runs on is (include version):
Debian 11
My hosting provider, if applicable, is:
Self hosted
I can login to a root shell on my machine (yes or no, or I don't know):
Yes
I'm using a control panel to manage my site (no, or provide the name and version of the control panel):
No
The version of my client is (e.g. output of certbot --version or certbot-auto --version if you're using Certbot):
None
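To read the failures out of a log like the one above, this added example (not part of the original post and not Gitea's code) extracts each failed challenge and lists the challenge type, the port the CA connects to for it, and the address named at the start of the error detail, so they can be compared with the server's public address and listening ports. The sample lines, domain, token and IP are constructed placeholders, and `failed_challenges` and its record keys are hypothetical names.

```python
import ipaddress
import json
import re

# Port the CA connects to per challenge type (RFC 8555 http-01, RFC 8737 tls-alpn-01).
CHALLENGE_PORT = {"http-01": 80, "tls-alpn-01": 443}

# Line shape seen in the log above: epoch seconds, level, free text, trailing JSON object.
LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<level>\w+)\s+(?P<text>.*?)\s+(?P<fields>\{.*\})\s*$")

# Constructed sample lines in that shape (placeholder domain, documentation IP, shortened fields).
SAMPLE_LOG = """\
1.6e+09 info acme_client trying to solve challenge {"identifier": "git.example.test", "challenge_type": "http-01"}
1.6e+09 error acme_client challenge failed {"identifier": "git.example.test", "challenge_type": "http-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": "203.0.113.10: Fetching http://git.example.test/.well-known/acme-challenge/TOKEN: Connection refused"}}
1.6e+09 error acme_client challenge failed {"identifier": "git.example.test", "challenge_type": "tls-alpn-01", "problem": {"type": "urn:ietf:params:acme:error:connection", "detail": "203.0.113.10: Connection refused"}}
"""


def failed_challenges(log_text):
    """Return one record per failed challenge: what the CA tried, where, and why it failed."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a structured log line
        try:
            fields = json.loads(m.group("fields"))
        except json.JSONDecodeError:
            continue
        problem, ctype = fields.get("problem"), fields.get("challenge_type")
        if not problem or not ctype:
            continue  # only the "challenge failed" lines carry both fields
        # In the log above the detail begins with the address that was contacted.
        prefix = problem.get("detail", "").split(": ", 1)[0]
        try:
            target = str(ipaddress.ip_address(prefix))
        except ValueError:
            target = None  # e.g. a DNS problem, where no address was reached
        records.append({
            "identifier": fields.get("identifier"),
            "challenge": ctype,
            "port": CHALLENGE_PORT.get(ctype),
            "error": problem.get("type", "").rsplit(":", 1)[-1],
            "ca_connected_to": target,
        })
    return records


if __name__ == "__main__":
    print(*failed_challenges(SAMPLE_LOG), sep="\n")
```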